SecureFact – Cyber Security News – Week of September 15, 2025

The Panama Ministry of Economy and Finance disclosed a ransomware breach by the INC group in September 2025.
Approximately 1.5 terabytes of data were stolen, including emails, financial, budgeting, and official documents.
Key operational systems were not affected and remained functional.
The ministry isolated the compromised workstation and initiated forensic analysis.
They reinforced endpoint security, applied Windows patches, implemented multi-factor authentication, and improved email filtering. Personal and institutional data were reportedly protected by existing security controls.
The INC group published sample data to prove the breach.
No specific mention of law enforcement involvement was made

Jaguar Land Rover (JLR) confirmed that a recent cyberattack resulted in data theft, impacting their production operations significantly.
The company has not disclosed the exact volume of data breached or specified the types of data affected, leaving it unclear whether customer, supplier, or internal data was stolen.
The attack forced the suspension of car manufacturing at UK facilities, affecting global production of about 1,000 vehicles daily.
JLR is conducting a forensic investigation and has informed relevant regulatory authorities as part of their response.
Mitigation steps include working with third-party cybersecurity experts to safely restart their global IT systems.
The company has pledged to notify individuals directly if it is confirmed their data was compromised.
Operational disruption continues while the investigation and recovery efforts proceed.
JLR has expressed regret for the impact of the incident on their customers and employees and continues to provide updates as the situation evolves.

Lovesac, an American furniture brand, suffered a data breach between February 12 and March 3, 2025, when unauthorized hackers accessed its internal systems.
The attackers stole approximately 40 GB of data, as claimed by the ransomware group RansomHub.
The breached data included full names and other personal information, though the exact details and number of affected individuals remain undisclosed.
The breach was discovered on February 28, 2025, and it took Lovesac three days to fully remediate the situation and block the attackers’ network access.
The company has notified impacted individuals and is offering 24 months of complimentary credit monitoring through Experian. Lovesac also reported the breach to multiple state Attorneys General.
There is no current indication that the stolen data has been misused, but affected parties are advised to remain vigilant against phishing attempts.
The ransomware group threatened to leak the stolen data if a ransom was not paid, highlighting the double extortion nature of the attack.

Plex has experienced a data breach involving unauthorized access to a limited subset of customer data from one of its databases.
The breached data included usernames, email addresses, securely hashed (scrambled) passwords, and some authentication information.
Plex confirmed that credit card or payment data was not stored on their servers and thus was not affected.
The company has about 25 million users, but the exact number of affected accounts is not disclosed; some reports mention potentially around 15 million users impacted.
In response, Plex urged all users to reset their passwords, log out of connected devices, and enable two-factor authentication if not already active. The breach method used was quickly addressed, and Plex is conducting additional security reviews to strengthen system defenses.
Plex also warned users to be cautious of phishing attacks that could come from the breach-related email leak.
Despite the breach, the hashed passwords are currently unreadable, but changing passwords is recommended as a precautionary step. No ransom demand or hacker communication has been announced so far.

The architecture firm 10DESIGN allegedly suffered a data breach with their database leaked on the dark web.
The breach reportedly involved the leak of company and employee information.
Although exact data volume was not specified, the leaked data included personal details such as names, email addresses, phone numbers, and potentially other contact information.
No specific mention of sensitive financial or medical data was found.
Following the breach, 10DESIGN reportedly took mitigation steps including shutting down compromised systems to prevent further data loss.
The firm appears to have involved law enforcement to investigate the breach.
There is no mention of credit monitoring services being offered to affected individuals.

Nearly 689,000 individuals were affected by the FinWise data breach, which involved a former employee accessing or acquiring customer data after their employment ended.
The breach was undetected for over a year, occurring on May 31, 2024, but only discovered on June 18, 2025.
The types of data involved have been redacted from public disclosure, but the breach affected customers of FinWise Bank and American First Finance, a poor-credit lender.
Upon discovery, FinWise immediately launched an investigation with cybersecurity experts to assess the scope of sensitive data accessed by the insider.
The company has offered all affected individuals 12 months of free credit monitoring and identity theft protection as mitigation steps.
There has been no detailed public disclosure of the specific data types compromised, and neither FinWise nor AFF provided further public statements.
The incident highlights risks linked to insider threats and delayed breach detection in financial services. Law enforcement involvement or further mitigation beyond credit monitoring was not mentioned in available reports